Skip to content
Log In

I - Mission Critical Sensitive

Rules and Groups employed by this XCCDF Profile

  • SRG-NET-000402-ALG-000130

    Group
    Show

  • The A10 Networks ADC must reveal error messages only to authorized individuals (ISSO, ISSM, and SA).

    Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can give configuration details about the...
    Rule Medium Severity
    Show

  • SRG-NET-000511-ALG-000051

    Group
    Show

  • The A10 Networks ADC must, at a minimum, off-load audit log records onto a centralized log server.

    Off-loading ensures audit information does not get overwritten if the limited audit storage capacity is reached and also protects the audit record in case the system/component being audited is comp...
    Rule Low Severity
    Show

  • SRG-NET-000512-ALG-000062

    Group
    Show

  • The A10 Networks ADC, when used for load balancing web servers, must deploy the WAF in active mode.

    The Web Application Firewall (WAF) supports three operational modes - Learning, Passive, and Active. Active is the standard operational mode and must be used in order to drop or sanitize traffic. L...
    Rule Medium Severity
    Show

  • SRG-NET-000512-ALG-000062

    Group
    Show

  • If the Data Owner requires it, the A10 Networks ADC must be configured to perform CCN Mask, SSN Mask, and PCRE Mask Request checks.

    If outbound communications traffic is not continuously monitored, hostile activity may not be detected and prevented. Output from application and traffic monitoring serves as input to continuous mo...
    Rule Medium Severity
    Show

  • SRG-NET-000362-ALG-000112

    Group
    Show

  • The A10 Networks ADC must protect against ICMP-based Denial of Service (DoS) attacks by employing ICMP Rate Limiting.

    If the network does not provide safeguards against DoS attacks, network resources will be unavailable to users. Installation of content filtering gateways and application layer firewalls at key bou...
    Rule High Severity
    Show

  • SRG-NET-000512-ALG-000062

    Group
    Show

  • The A10 Networks ADC must protect against TCP SYN floods by using TCP SYN Cookies.

    A SYN flood is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target in an attempt to consume resources, making the device unresponsive to legitimat...
    Rule Medium Severity
    Show

  • SRG-NET-000512-ALG-000062

    Group
    Show

  • The A10 Networks ADC must be a FIPS-compliant version.

    Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. The network element must implement cryptographic modules adhering to the higher standa...
    Rule High Severity
    Show

  • SRG-NET-000062-ALG-000150

    Group
    Show

  • The A10 Networks ADC, when used for TLS encryption and decryption, must be configured to comply with the required TLS settings in NIST SP 800-52.

    SP 800-52 provides guidance on using the most secure version and configuration of the TLS/SSL protocol. Using older unauthorized versions or incorrectly configuring protocol negotiation makes the g...
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules